Convention 108 and Protocols
Convention 108 – 40 years of protection
On 28 January 2021 the Council of Europe has celebrated the 40th Anniversary of Convention 108, which was open for signature on 28 January 1981. For 40 years, has influenced and shaped the protection of privacy and of data protection in Europe and beyond. Its modernised version (known as Convention 108+) will continue to do so.
The Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (CETS No. 108)
The Convention opened for signature on 28 January 1981 and was the first legally binding international instrument in the data protection field. Under this Convention, the parties are required to take the necessary steps in their domestic legislation to apply the principles it lays down in order to ensure respect in their territory for the fundamental human rights of all individuals with regard to processing of personal data.
Amendments to Convention 108 allowing the European Communities to accede
Accession by the Communities reflects the European Union's wish to develop co-operation with the Council of Europe and help create a stronger international forum on data protection, particularly vis-à-vis third countries As it stands at present, only states may be Parties to the Convention. It was therefore necessary to draft amendments allowing the European Communities to accede. These amendments were adopted by the Committee of Ministers of the Council of Europe on 15 June 1999.
Additional protocol to Convention 108 regarding supervisory authorities and transborder data flows (ETS No. 181)
With the increase in exchanges of personal data across national borders, it is necessary to ensure the effective protection of human rights and fundamental freedoms, and in particular the right to privacy in relation to such exchanges of personal data. The Additional Protocol opened for signature on 8 November 2001 requires Parties to set up supervisory authorities, exercising their functions in complete independence, which are an element of the effective protection of individuals with regard to the processing of personal data.